Among others, I found Gregory Tetrault's comments especially interesting, suggesting that—apart from the clear threat potential of this 'bundled spyware' route—Intego press releases can be seen as something of a hype by an interested party.
Well i agree there... i'm no fan of Intego, i don't use it and i don't recommend that anyone else use it. (ClamXav is more my speed).
Nonetheless, i still find this particular screensaver/trojan rather suspicious (especially in the admin password request department).
Intego has been monitoring the actions of the different versions it has found of this spyware. It has discovered that, after a certain time, the spyware makes an “upgrade†and installs another application, which is another variant of the same spyware, called PermissionResearch. (It is also possible that further versions of this spyware will upgrade themselves to other variants.) Intego has updated its threat filters today (June 2, 2010) to improve proactive detection of this type of spyware. We strongly recommend that all VirusBarrier X5 and X6 users update their threat filters as soon as possible.
And also: some place called Hardmac has posted the "terms of agreement" between the user and some company called VoiceFive.
idunno... perhaps they don't harvest credit card numbers, but it still smells rotten somehow.
Albeit, very sugar-coated: http://7art-screensavers.com/Mac_OS_X.shtml   (vomit)
